From dc09fbf0db139aa339f35ec7fa7fb10453d4a6d3 Mon Sep 17 00:00:00 2001
From: travisutk
Date: Thu, 9 Dec 2010 23:42:00 +0000
Subject: [PATCH] CC1110 packet sniffing works!

git-svn-id: https://svn.code.sf.net/p/goodfet/code/trunk@785 12e2690d-a6be-4b82-a7b7-67c4a43b65c8
---
client/GoodFETCC.py | 18 ++++++++++--------
client/goodfet.cc | 15 +++++----------
shellcode/chipcon/cc1110/rxpacket.c | 11 +++++------
3 files changed, 20 insertions(+), 24 deletions(-)

diff --git a/client/GoodFETCC.py b/client/GoodFETCC.py
index 23e6fca..9c838b1 100644
--- a/client/GoodFETCC.py
+++ b/client/GoodFETCC.py
@@ -225,7 +225,7 @@ class GoodFETCC(GoodFET):
self.pokebysym("MDMCFG1" , 0x22) # Modem configuration.
self.pokebysym("MDMCFG0" , 0xF8) # Modem configuration.
if band=="ismus" or band=="us":
- self.pokebysym("CHANNR" , 0); # 20) # Channel number.
+ self.pokebysym("CHANNR" , 20) # Channel number.
else:
self.pokebysym("CHANNR" , 0x00) # Channel number.
self.pokebysym("DEVIATN" , 0x42) # Modem deviation setting (when FSK modulation is enabled).
@@ -245,13 +245,13 @@ class GoodFETCC(GoodFET):
self.pokebysym("TEST0" , 0x09) # Various test settings.
#self.pokebysym("PA_TABLE0", 0xC0) # PA output power setting.
self.pokebysym("PKTCTRL1" , 0x04) # Packet automation control.
- #self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
- self.pokebysym("PKTCTRL0" , 0x01) # Packet automation control, w/o checksum.
+ self.pokebysym("PKTCTRL0" , 0x05) # Packet automation control, w/ checksum.
+ #self.pokebysym("PKTCTRL0" , 0x01) # Packet automation control, w/o checksum.
self.pokebysym("ADDR" , 0x00) # Device address.
self.pokebysym("PKTLEN" , 0xFF) # Packet length.
- self.pokebysym("SYNC1",0x04);
- self.pokebysym("SYNC0",0x05);
+ self.pokebysym("SYNC1",0xD3);
+ self.pokebysym("SYNC0",0x91);

def RF_carrier(self):
"""Hold a carrier wave on the present frequency."""
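Review bot: The `20` written to CHANNR on the `+` line is a bare magic number, and the carrier it selects depends on the FREQ2/FREQ1/FREQ0 and channel-spacing values programmed outside this hunk, so a reader cannot tell which frequency the US branch lands on. I would name it at the top of the method, e.g. `US_CHANNEL=20  # channel offset from the base frequency in FREQ2..0`, and say in the `else` branch why the non-US band stays on channel 0. The removed line shows this constant had been toggled by editing a comment before; a named constant avoids repeating that. The enclosing method (presumably config_simpliciti, judging by the caller in goodfet.cc) starts and ends outside the hunk.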
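Review bot: Turning the CRC on with `PKTCTRL0 , 0x05` on the `+` line does not by itself drop corrupted frames: PKTCTRL1 stays at 0x04 on the context line, which on the CC1110 family is APPEND_STATUS without CRC_AUTOFLUSH (worth confirming against the datasheet), so frames that fail the CRC are still delivered and the only indication is the CRC_OK bit in the appended status byte, which nothing in this patch reads. For a sniffer that may be intended, but the comment should say so, e.g. `# Packet automation control, CRC on but not autoflushed: check CRC_OK in the trailing status byte.`; writing `0x0C` to PKTCTRL1 would instead discard bad frames in hardware. The commented-out `0x01` line carried over to the `+` side is dead code and should go. The enclosing method starts before the hunk.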
@@ -344,14 +344,16 @@ class GoodFETCC(GoodFET):
return 0;

def RF_rxpacket(self):
"""Get a packet from the radio. Returns None if none is waiting."""
- RFST=0xDFE1
- self.pokebyte(RFST,0x01); #SCAL
+ #RFST=0xDFE1
+ #self.pokebyte(RFST,0x01); #SCAL
#self.pokebyte(RFST,0x02); #SRX
self.shellcodefile("rxpacket.ihx");
#time.sleep(1);
self.halt();
- return self.peekblock(0xFE00,32,"data");
+ len=self.peek8(0xFE00,"xdata");
+ #print "Grabbing %i bytes." %len;
+ return self.peekblock(0xFE00,len,"data");

def RF_txpacket(self,payload):
"""Transmit a packet. Untested."""
diff --git a/client/goodfet.cc b/client/goodfet.cc
index 9f0b353..96d2827 100755
--- a/client/goodfet.cc
+++ b/client/goodfet.cc
@@ -19,7 +19,7 @@ def printpacket(packet):
#print "Printing packet."
for foo in packet:
i=i+1;
- #if i>client.packetlen: break;
+ #if i>packet[0]+1: break;
s="%s %02x" % (s,foo);
print "%s" %s;
@@ -155,15 +155,10 @@ if(sys.argv[1]=="sniffsimpliciti"):
client.config_simpliciti(region);
- #OpenBeacon defines these in little endian as follows.
- #client.RF_setmaclen(5); # SETUP_AW for 5-byte addresses.
- #0x01, 0x02, 0x03, 0x02, 0x01
- #client.RF_setsmac(0x0102030201);
- #'O', 'C', 'A', 'E', 'B'
- #client.RF_settmac(0x424541434F);
-
- #Set packet length of 16.
- #client.RF_setpacketlen(16);
+ #For BSL sniffing, different frequencies.
+ #client.pokebysym("FREQ2",0x25);
+ #client.pokebysym("FREQ1",0x95);
+ #client.pokebysym("FREQ0",0x55);
print "Listening as %x on %f MHz" % (client.RF_getsmac(),
diff --git a/shellcode/chipcon/cc1110/rxpacket.c b/shellcode/chipcon/cc1110/rxpacket.c
index eb722d1..145d08f 100644
--- a/shellcode/chipcon/cc1110/rxpacket.c
+++ b/shellcode/chipcon/cc1110/rxpacket.c
@@ -1,7 +1,8 @@
#include
#include "cc1110-ext.h"
-char __xdata at 0xfe00 packet[256] ;
+#define MAXLEN 0xFF
+char __xdata at 0xfe00 packet[MAXLEN] ;
//! Receives a packet out of the radio from 0xFE00.
void main(){
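Review bot: `return self.peekblock(0xFE00,len,"data")` on the last `+` line reads `len` bytes starting at the length byte itself, so if the shellcode stores the radio's length byte at packet[0] with the payload after it (as the `#if i>packet[0]+1` hint in goodfet.cc suggests) the last payload byte is dropped, and the two status bytes the radio appends under PKTCTRL1=0x04 (RSSI and CRC_OK/LQI on the CC1110, to be confirmed) are never fetched; the count should be `len+1`, or `len+3` if the client is meant to see CRC_OK. The same address is read as `"xdata"` by peek8 and as `"data"` by peekblock while the shellcode declares the buffer `__xdata`, so unless peekblock treats "data" as xdata the second read is in the wrong memory space — confirm. `len` also shadows the builtin; I would write `count=self.peek8(0xFE00,"xdata"); return self.peekblock(0xFE00,count+1,"xdata");`. The docstring still promises `None` when nothing is waiting, but no path returns None, and since the length byte comes off the air it is sender-controlled, so the docstring should state what a zero-length frame yields. RF_rxpacket is complete within the hunk.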
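Review bot: `#define MAXLEN 0xFF` on the `+` line shrinks the receive buffer to 255 bytes while the client still programs `PKTLEN` to 0xFF, so a frame carrying the maximum length byte needs 256 bytes for length-plus-payload, and 258 if the radio's two appended status bytes are stored too — one to three bytes past `packet`. The length byte is taken off the air, so any nearby transmitter chooses it, and because `packet` sits at a fixed xdata address the overrun lands on whatever is mapped at 0xFEFF and above. The loop that bounds the writes is in the following hunk, which is cut off here; it should stop at the buffer size regardless of the received length, e.g. `while(i<MAXLEN && ...)`, and I would keep the buffer at its former 0x100 (sized `MAXLEN+3` if status bytes are kept) rather than 0xFF. main() begins in this hunk and continues past it.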
@@ -23,16 +24,14 @@ void main(){
RFST=RFST_SRX;
while(MARCSTATE!=MARC_STATE_RX);
- while(i!=len+1){
+ while(i